As computer technology grows in popularity, it is becoming widely available, mobile and functional, and users are becoming more proficient in working with computer technology. Such a high level of development of computer technology can also bring a number of security threats, due for example to the low level of protection of confidential information (CI) used during authorization of operations or authentication of the identity of the user of various electronic service.
Ensuring protection of CI is an urgent problem. The spread of malicious software capable of intercepting CI being entered from a keyboard or pin pad (a device for entering CI) of bank equipment, and also the spread of techniques of intercepting, illegal capturing and obtaining of CI may be the cause of unlawful access to bank accounts, illegal authorization of operations, and loss of data.
Each year more and more methods are appearing for the use of CI, such as a bank card number, password, login, biometric data, and so on. For example, by using bank account data a user can make purchases on the Internet, pay bills, and control his bank account.
At the same time, there is a growing number of ways of interception and unlawful use of CI. Spyware, keyloggers, and other malware installed on unprotected personal computers (PCs) are able to intercept the information being entered by the user, even if the CI was entered using a virtual keyboard, and send it to a hacker to carry out unlawful operations. To prevent the unlawful use of CI, some services make use of onetime passwords sent by SMS (Short Message Service), however hackers have developed schemes of intercepting SMS and obtaining the onetime passwords for authorization of unlawful operations. Another unresolved problem is the interception and reading of data needed to forge a bank card, or the use of the data read to perform banking operations. Hackers install interception means on bank equipment, such as a fake keypad, a magnetic card reader, or a camera to capture the moment of entering a card's pin code. In another familiar instance the hackers install specialized malware on computers which control the pin pads of payment systems, thereby obtaining CI entered by the unsuspecting user, and they employ this information to carry out unlawful operations.
The growth trend in vulnerable ways of using CI is a problem already confronting banks, corporations, critically important infrastructure facilities, and ordinary users of information systems, and it needs urgent addressing